-rw-r--r--src/policy-default.c44
-rw-r--r--src/policy-deny.c56
2 files changed, 49 insertions, 51 deletions
diff --git a/src/policy-default.c b/src/policy-default.c
index a09bb1a..8d70684 100644
--- a/src/policy-default.c
+++ b/src/policy-default.c
@@ -84,52 +84,14 @@ ivi_policy_default_surface_advertise_state_change(struct ivi_surface *surf, void
return true;
}
-#ifdef HAVE_SMACK
-static bool
-ivi_policy_default_shell_bind_interface(void *client, void *interface)
-{
- struct wl_interface *shell_interface = interface;
- struct wl_client *conn_client = client;
-
- pid_t pid, uid, gid;
- int client_fd;
- char *label;
- bool ret = false;
-
- wl_client_get_credentials(conn_client, &pid, &uid, &gid);
-
- client_fd = wl_client_get_fd(conn_client);
- if (smack_new_label_from_socket(client_fd, &label) < 0) {
- return ret;
- }
-
- if (strcmp(shell_interface->name, "agl_shell") == 0)
- if (strcmp(label, "User::App::homescreen") == 0)
- ret = true;
-
- if (strcmp(shell_interface->name, "agl_shell_desktop") == 0)
- if (strcmp(label, "User::App::launcher") == 0 ||
- strcmp(label, "User::App::alexa-viewer") == 0 ||
- strcmp(label, "User::App::tbtnavi") == 0 ||
- strcmp(label, "User::App::hvac") == 0)
- ret = true;
-
- if (ret)
- weston_log("Client with pid %d, uid %d, gid %d, allowed "
- "to bind to %s for label %s\n", pid, uid, gid,
- shell_interface->name, label);
-
- /* client responsible for free'ing */
- free(label);
- return ret;
-}
-#else
+/* we allow all applications to bind to private extensions. See the deny-all
+ * policy instead for how to retrieve the clients fd and its label to check
+ * against */
static bool
ivi_policy_default_shell_bind_interface(void *client, void *interface)
{
return true;
}
-#endif
static bool
ivi_policy_default_allow_to_add(void *user_data)
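Review bot: After this hunk `ivi_policy_default_shell_bind_interface` returns true for every client on all builds, so on HAVE_SMACK builds the label check that used to gate `agl_shell` and `agl_shell_desktop` is gone unless the deny policy is the one in use. The new comment reads like a pointer to example code rather than a statement of that consequence. I would reword it along the lines of `/* No access control: any client may bind agl_shell and agl_shell_desktop. Use the deny policy to enforce Smack label checks. */` and call out the behaviour change in the commit message. Both parameters are now unused here, which may produce unused-parameter warnings depending on the build flags.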
diff --git a/src/policy-deny.c b/src/policy-deny.c
index 5b2336a..823f331 100644
--- a/src/policy-deny.c
+++ b/src/policy-deny.c
@@ -33,10 +33,26 @@
#include <string.h>
#include "shared/helpers.h"
+#ifdef HAVE_SMACK
+static const char *const bind_agl_shell[] = {
+ "User::App::homescreen",
+ "User::App::cluster-gauges" /* cluster-dashboard */
+};
+
+static const char *const bind_agl_shell_desktop[] = {
+ "User::App::launcher",
+ "User::App::alexa-viewer",
+ "User::App::tbtnavi",
+ "User::App::hvac",
+ "User::App::xdg-cluster-receiver", /* cluster-receiver, native XDG app*/
+ "User::App::cluster-receiver" /* cluster-receiver, Qt app */
+};
+#endif
-static const char *const applications_permitted[] = { "homescreen", "alexa-viewer",
- "launcher", "hvac",
- "navigation", "mediaplayer" };
+static const char *const applications_permitted[] = {
+ "homescreen", "alexa-viewer", "launcher", "hvac",
+ "navigation", "mediaplayer"
+};
/* helper start searches the applications_permitted for the
* app_id
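Review bot: The two allow-lists are not a one-to-one move of the inline checks they replace. `bind_agl_shell` gains `User::App::cluster-gauges`, and `bind_agl_shell_desktop` gains `User::App::xdg-cluster-receiver` and `User::App::cluster-receiver`, compared with the `strcmp` chain removed in the last hunk of this file. Each entry lets a client bind a private shell protocol, so the additions deserve their own mention in the commit message rather than riding along with a refactor. A comment above the arrays would also help, e.g. `/* Smack labels (exact match) allowed to bind agl_shell; adding an entry grants access to the private shell protocol */`.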
@@ -51,6 +67,31 @@ ivi_policy_verify_permitted_app(const char *app_id)
return false;
}
+#ifdef HAVE_SMACK
+/* helper to determine which applications are allowed to bind to the
+ * private extensions
+ */
+static bool
+ivi_policy_check_bind_agl_shell(const char *app_id)
+{
+ for (size_t i = 0; i < ARRAY_LENGTH(bind_agl_shell); i++)
+ if (strcmp(app_id, bind_agl_shell[i]) == 0)
+ return true;
+
+ return false;
+}
+
+static bool
+ivi_policy_check_bind_agl_shell_desktop(const char *app_id)
+{
+ for (size_t i = 0; i < ARRAY_LENGTH(bind_agl_shell_desktop); i++)
+ if (strcmp(app_id, bind_agl_shell_desktop[i]) == 0)
+ return true;
+
+ return false;
+}
+#endif
+
static bool
ivi_policy_verify_ivi_surface(struct ivi_surface *surf)
{
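Review bot: Both new helpers name their parameter `app_id`, but the only caller visible in this diff passes the Smack label read from the client socket. `ivi_policy_verify_permitted_app(const char *app_id)` in the same file takes an application id checked against a different list, so the shared name invites mixing up the two allow-lists. Naming it `label`, as in `ivi_policy_check_bind_agl_shell(const char *label)`, makes the distinction clear. The second helper has no comment of its own. The two loops differ only in the array, so one `static bool label_in_list(const char *label, const char *const *list, size_t n)` would remove the duplication.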
@@ -124,15 +165,10 @@ ivi_policy_default_shell_bind_interface(void *client, void *interface)
}
if (strcmp(shell_interface->name, "agl_shell") == 0)
- if (strcmp(label, "User::App::homescreen") == 0)
- ret = true;
+ ret = ivi_policy_check_bind_agl_shell(label);
if (strcmp(shell_interface->name, "agl_shell_desktop") == 0)
- if (strcmp(label, "User::App::launcher") == 0 ||
- strcmp(label, "User::App::alexa-viewer") == 0 ||
- strcmp(label, "User::App::tbtnavi") == 0 ||
- strcmp(label, "User::App::hvac") == 0)
- ret = true;
+ ret = ivi_policy_check_bind_agl_shell_desktop(label);
if (ret)
weston_log("Client with pid %d, uid %d, gid %d, allowed "
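Review bot: Only the allowed case is logged in the visible lines (`if (ret) weston_log(...)`), so a client whose label is rejected for `agl_shell` or `agl_shell_desktop` leaves no trace unless code outside this hunk handles it. Now that the decision comes from an allow-list, a denial line would make rejected bind attempts visible to whoever reads the compositor log, e.g. `else weston_log("Client with pid %d denied bind to %s for label %s\n", pid, shell_interface->name, label);`. The two `strcmp` tests on `shell_interface->name` are mutually exclusive, so the second could be an `else if`. The function starts and ends outside the hunk.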